Email this article to a friend

Defense authorization bill leaves out reforms to federal IT acquisition

Major reforms to federal IT acquisition processes will have to wait another year,
at least where Congress is concerned.

The agreement by the House and Senate Armed Services committees on the Defense
Authorization bill earlier this week doesn't include the Federal IT Acquisition
Reform Act (FITARA).

"We note that the acquisition of information technology is a challenge across the
federal government and that reform of the information technology acquisition
process remains a priority in the defense committees and the Congress," the
committees' joint explanatory
statement said. "We expect to continue working on improvements in this area
and hope to bring a set of comprehensive reforms forward in the next fiscal year."

The House bill included the
provision that spelled out FITARA, but the Senate bill did not.

Sen. Jeanne Shaheen (D-N.H.) planned to introduce an amendment to include FITARA
in the authorization bill, but never got a chance to do so on the floor.

She still has a FITARA bill before Congress, but the chances of it passing as
stand-alone legislation is unlikely.

"Sen. Shaheen is going to continue to work to find a pathway for the bipartisan
FITARA bill," a Shaheen spokeswoman said by email.

"While the FITARA amendment not being included in NDAA is a disappointment, the
Oversight [and Government Reform] Committee approved H.R. 1232 on a unanimous
bipartisan vote," said a committee spokesman by email. "Chairman [Darrell] Issa
(R-Calif.) is optimistic a standalone bill addressing critical IT procurement
reforms will move forward in both houses next year."

This provision followed a similar fate as FITARA. In this case, the Senate bill included the
provision, but not the House version.

"We note that the department has recently made the congressional Defense
committees aware of a proposal that addresses the concerns raised by the Senate
committee-reported bill. We will evaluate this proposal before making a decision
on elevating the DCMO and designating that new position as responsible for the CIO
roles," the report stated.

Defense Secretary Chuck Hagel last week announced major
changes to the structure of the Office of Secretary of Defense, which included
the idea of the CIO taking over the business systems oversight from the DCMO.

This change received strong support from former DoD CIOs and senior executives. In
a letter to House and Senate Armed Services committee members
from July, five former DoD senior officials advocated for the merger, saying the
CIO's position needs to be strengthened given today's complex IT and management
environment.

Cloud, cyber provisions

The DoD authorization bill agreement contains several other interesting
provisions, including the decision by lawmakers not to support the House's
language limiting funding the integrated health records system.

The joint statement said the Senate bill didn't contain such a provision to limit
the amount DoD and the Veterans Affairs could spend on the joint interoperable
system to 25 percent of the $344 million requested until the Defense Secretary
submits a report to Congress detailing an analysis of alternatives.

Another interesting provision in the bill focuses on cloud computing.

Lawmakers want DoD's CIO and undersecretary for Acquisition, Technology and
Logistics to supervise the development and implement plans for the acquisition of
cloud computing capabilities worth more than $1 million for intelligence,
surveillance and reconnaissance data analysis in the military services and Defense
agencies

Lawmakers also focused on several cybersecurity issues.

Two of the more interesting provisions would require the President to establish an
interagency process to develop an integrated policy to deter adversaries in
cyberspace. The provision would require the President to provide a report to the
congressional defense committees on this policy within 270 days after the
enactment of this Act.

Additionally, the bill included language to require the President to establish an
interagency process with input from industry to develop policy to control the
proliferation of cyber weapons through unilateral and cooperative export controls,
law enforcement activities, financial means, diplomatic engagement and other means
that the President considers appropriate. The provision would also require the
President to develop a statement of principles regarding U.S. positions on
controlling the proliferation of cyber weapons to create new opportunities for
bilateral and multilateral cooperation to address this shared threat. The
provision would require the interagency process to produce recommendations within
270 days of the enactment of this Act.